Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

I have to aggregate events in index by week and by month

snigdhasaxena
Communicator
‎07-18-2018 05:53 AM

I have tried using bin command but as
index=test| bin span=1w _time | chart count as total_count by _time, action

But this gives me event count over a span of 30days for every 7 days.

Please help me understand how to aggregate events in index by week and by month.

Tags (1)
0 Karma
Reply

renjith_nair
Legend
‎07-18-2018 09:56 AM

Try

index=test| eval week=strftime(_time,"%Y-%U")|eval month=strftime(_time,"%Y-%m")|chart count as total_count by week,month
---
What goes around comes around. If it helps, hit it with Karma 🙂
0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...